Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/e_0jMlBNF0CdItANUogPSvLJgP8.roa
File:                     e_0jMlBNF0CdItANUogPSvLJgP8.roa (raw, json)
Hash identifier:          QG49Xh9f7zZxyGRNPUs4r6TPRVpSvL4LYtSpoHOtK90=
Subject key identifier:   7B:FD:23:32:50:4D:17:40:9D:22:D0:0D:52:88:0F:4A:F2:C9:80:FF
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0196ABA888065BEFC7A57D8768F3A5171F90
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/e_0jMlBNF0CdItANUogPSvLJgP8.roa
Signing time:             Wed 07 May 2025 16:51:10 +0000
ROA not before:           Wed 07 May 2025 16:51:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214216
IP address blocks:        2a11:7a40::/29 maxlen: 29
                          2a11:cb40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 20:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ab:a8:88:06:5b:ef:c7:a5:7d:87:68:f3:a5:17:1f:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: May  7 16:51:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7bfd2332504d17409d22d00d52880f4af2c980ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:02:65:32:31:99:5b:a1:b0:f8:fb:c2:bf:da:
                    b8:9f:29:87:02:46:1e:5d:cb:6a:c0:ba:45:96:52:
                    4f:2c:7d:25:73:77:13:1f:71:3c:c2:ce:27:62:01:
                    49:55:98:a5:03:e8:cd:77:be:85:6e:a8:87:9b:c6:
                    59:23:00:86:3f:df:ee:c8:b5:db:1e:4e:e4:52:34:
                    dc:e5:29:92:df:41:22:41:8f:8b:1c:1b:48:4b:2c:
                    5d:4a:a9:e3:55:b2:7a:fb:77:b0:3d:73:51:66:ec:
                    b8:84:52:a5:04:e8:f5:10:e1:f6:63:a2:c7:8e:10:
                    ee:56:05:6e:ea:50:fa:f1:a5:37:f0:32:31:1a:26:
                    dc:d6:6b:56:84:b9:34:ae:5b:b3:ac:4f:bd:71:a7:
                    d4:c8:0e:fe:28:9d:36:1f:df:ef:ae:64:37:a2:84:
                    20:83:bf:88:39:38:db:b0:cf:37:6e:b5:52:c2:ae:
                    c5:52:c6:08:b5:95:21:cb:89:ee:6f:1d:33:cf:06:
                    c0:a4:fe:2e:b2:c4:a3:24:a3:21:9d:00:f6:b3:62:
                    45:d3:87:cf:a4:ab:c5:c3:92:01:44:fc:45:43:0f:
                    b6:fb:2b:b6:c7:6c:b9:d1:4c:6b:00:5e:ec:58:66:
                    95:dd:10:e7:a7:6a:49:df:40:7d:26:8b:be:74:26:
                    5a:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:FD:23:32:50:4D:17:40:9D:22:D0:0D:52:88:0F:4A:F2:C9:80:FF
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/e_0jMlBNF0CdItANUogPSvLJgP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:7a40::/29
                  2a11:cb40::/29

    Signature Algorithm: sha256WithRSAEncryption
         b7:f5:56:57:56:81:d4:ba:4d:ff:77:68:38:cc:df:8a:27:bd:
         5d:53:be:60:ab:b4:32:0c:8e:a3:12:b8:06:98:bf:44:82:b5:
         09:dd:34:dd:cc:00:b3:48:97:ad:16:b6:90:50:8d:12:fd:24:
         e0:0b:d3:91:ed:74:a9:61:2d:e4:aa:77:94:19:6c:08:45:af:
         aa:5f:c3:22:b1:82:a1:4b:3f:4b:16:76:f0:19:a2:6f:8a:c9:
         40:9f:ac:34:7f:70:dd:2d:01:44:4c:72:f6:17:b9:dc:51:ef:
         b6:f8:21:ee:29:6d:3e:6d:f9:78:de:04:5a:d4:74:55:a7:2e:
         3a:24:94:c8:41:d3:97:4f:00:9d:6a:1d:c4:96:84:18:9f:1f:
         8a:a7:bc:56:64:be:2f:c3:dd:ea:dc:a7:d9:ef:2d:3d:7c:f5:
         3c:43:18:90:83:35:b1:5a:62:2a:16:19:8f:06:c1:96:d9:02:
         f5:ee:ee:a0:42:0a:b1:5c:9f:7b:0f:37:d8:d4:aa:f7:0f:a2:
         d1:ea:87:9d:63:6e:b6:08:5e:a2:e3:04:e3:20:ac:96:9b:f0:
         3b:0a:e8:4a:83:2d:dd:1e:a4:bb:a4:e3:17:7d:c3:d5:df:b5:
         cb:2e:61:92:14:87:35:05:2d:cb:8e:4e:50:c7:8a:ec:e6:94:
         ba:87:4d:1f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZarqIgGW+/HpX2HaPOlFx+QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNTA3MTY1MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmZkMjMzMjUwNGQxNzQwOWQyMmQwMGQ1Mjg4MGY0YWYyYzk4MGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQJlMjGZW6Gw+PvCv9q4nymHAkYe
XctqwLpFllJPLH0lc3cTH3E8ws4nYgFJVZilA+jNd76FbqiHm8ZZIwCGP9/uyLXb
Hk7kUjTc5SmS30EiQY+LHBtISyxdSqnjVbJ6+3ewPXNRZuy4hFKlBOj1EOH2Y6LH
jhDuVgVu6lD68aU38DIxGibc1mtWhLk0rluzrE+9cafUyA7+KJ02H9/vrmQ3ooQg
g7+IOTjbsM83brVSwq7FUsYItZUhy4nubx0zzwbApP4ussSjJKMhnQD2s2JF04fP
pKvFw5IBRPxFQw+2+yu2x2y50UxrAF7sWGaV3RDnp2pJ30B9Jou+dCZa4wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHv9IzJQTRdAnSLQDVKID0ryyYD/MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvZV8wak1sQk5GMENkSXRBTlVvZ1BTdkxKZ1A4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhF6QAMF
AyoRy0AwDQYJKoZIhvcNAQELBQADggEBALf1VldWgdS6Tf93aDjM34onvV1TvmCr
tDIMjqMSuAaYv0SCtQndNN3MALNIl60WtpBQjRL9JOAL05HtdKlhLeSqd5QZbAhF
r6pfwyKxgqFLP0sWdvAZom+KyUCfrDR/cN0tAURMcvYXudxR77b4Ie4pbT5t+Xje
BFrUdFWnLjoklMhB05dPAJ1qHcSWhBifH4qnvFZkvi/D3ercp9nvLT189TxDGJCD
NbFaYioWGY8GwZbZAvXu7qBCCrFcn3sPN9jUqvcPotHqh51jbrYIXqLjBOMgrJab
8DsK6EqDLd0epLuk4xd9w9XftcsuYZIUhzUFLcuOTlDHiuzmlLqHTR8=
-----END CERTIFICATE-----